In C99, undefined behavior can result when control reaches the end of a non-void function and the value of the function call is used. This is almost always a programming error and can lead to unexpected behavior.
In this noncompliant code example, control reaches the end of the checkpass function when the two strings passed to strcmp are not equal. This leads to undefined behavior, and various compilers generate code equivalent to the checkpass function returning various values when no return statement is reached.
```c
int checkpass(char *password) {
  if (strcmp(password, "pass") == 0) {
    return 1;
  }
}
/* ... */
if (checkpass(userinput)) {
  printf("Success!\n");
}
```
This error can often be detected through the analysis of compiler warnings. For example, when the following code is compiled with -Wall on most versions of the GCC compiler,
```c
#include <stdio.h>
int main(void) {
  printf("test\n");
}
```
the following warning will be generated:
```
example.c: In function ‘main’:
example.c:5: warning: control reaches end of non-void function
```
This compliant solution ensures that control never reaches the end of the checkpass function.
```c
int checkpass(char *password) {
  if (strcmp(password, "pass") == 0) {
    return 1;
  }
  return 0;
}
/* ... */
if (checkpass(userinput)) {
  printf("Success!\n");
}
```
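The same rule applied to a function with several exit paths and to a switch over an enumeration, where the path that falls off the end is easier to miss than in checkpass. This is an added example, not code from the original page; the names auth_status_t, check_credentials and is_authorized are hypothetical, and the build line in the comment assumes GCC or Clang.

```c
/* Added example, not from the original page. All names are hypothetical.
 * Build (assumes GCC or Clang): cc -std=c99 -Wall -Werror=return-type ex.c */
#include <stddef.h>
#include <string.h>

typedef enum { AUTH_OK, AUTH_BAD_PASSWORD, AUTH_LOCKED } auth_status_t;

/* Several early exits, each with an explicit return. The final return
 * covers the case where no earlier branch matched, as in the compliant
 * checkpass above. */
auth_status_t check_credentials(const char *password, int failed_attempts) {
  if (password == NULL) {
    return AUTH_BAD_PASSWORD;
  }
  if (failed_attempts >= 3) {
    return AUTH_LOCKED;
  }
  if (strcmp(password, "pass") == 0) {
    return AUTH_OK;
  }
  return AUTH_BAD_PASSWORD;
}

/* A switch that handles every enumerator can still fall out of the bottom:
 * an auth_status_t object may hold a value that is not a named enumerator.
 * The trailing return makes that path deny access instead of leaving the
 * result undefined. Omitting `default` keeps -Wall (-Wswitch) able to flag
 * an enumerator added later but not handled here. */
int is_authorized(auth_status_t status) {
  switch (status) {
  case AUTH_OK:
    return 1;
  case AUTH_BAD_PASSWORD:
    return 0;
  case AUTH_LOCKED:
    return 0;
  }
  return 0; /* out-of-range status: fail closed */
}

int main(void) {
  /* Constructed inputs for a stand-alone run. */
  int ok = is_authorized(check_credentials("pass", 0));
  int bad = is_authorized(check_credentials("wrong", 0));
  return (ok == 1 && bad == 0) ? 0 : 1;
}
```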
Using the return value from a non-void function where control reaches the end of the function can lead to unexpected program behavior, and possibly abnormal program termination.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| MSC37-C | medium | unlikely | low | P6 | L2 | 
[ISO/IEC 9899:1999] Section 6.9.1, "Function definitions"